Form Security (discussion)
Posted
by
Eray Alakese
on Stack Overflow
See other posts from Stack Overflow
or by Eray Alakese
Published on 2011-01-17T02:32:05Z
Indexed on
2011/01/17
2:53 UTC
Read the original article
Hit count: 241
I'm asking for brain storming and sharing experience.
Which method you are using for form submiting security ?
For example , for block automatically sended POST or GET datas, i'm using this method :
// Generating random string
<?php $hidden = substr(md5(microtime()) ,"-5"); ?>
<form action="post.php" ....
// assing this random string to a hidden input
<input type="hidden" value="<?php echo $hidden;" name="secCode>
// and then put this random string to a session variable
$_SESSION["secCode"] = $hidden;
**post.php**
if ($_POST["secCode"] != $_SESSION["secCode"])
{
die("You have to send this form, on our web site");
}
© Stack Overflow or respective owner